fix: secure bulk transaction (#45386)

Raffael Meyer
2025-01-24 10:14:26 +01:00
committed by GitHub
parent 42edb9f5b1
commit a9bc395e98
8 changed files with 120 additions and 77 deletions


@@ -45,12 +45,16 @@ frappe.listview_settings["Purchase Invoice"] = {
}, },
onload: function (listview) { onload: function (listview) {
listview.page.add_action_item(__("Purchase Receipt"), () => { if (frappe.model.can_create("Purchase Receipt")) {
erpnext.bulk_transaction_processing.create(listview, "Purchase Invoice", "Purchase Receipt"); listview.page.add_action_item(__("Purchase Receipt"), () => {
}); erpnext.bulk_transaction_processing.create(listview, "Purchase Invoice", "Purchase Receipt");
});
}
listview.page.add_action_item(__("Payment"), () => { if (frappe.model.can_create("Payment Entry")) {
erpnext.bulk_transaction_processing.create(listview, "Purchase Invoice", "Payment Entry"); listview.page.add_action_item(__("Payment"), () => {
}); erpnext.bulk_transaction_processing.create(listview, "Purchase Invoice", "Payment Entry");
});
}
}, },
}; };
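Review bot: The `frappe.model.can_create(...)` guards added in `onload` only decide whether a menu entry is rendered, so they are a usability measure and not an access control. A request that does not go through the list view still reaches the whitelisted method, and the actual enforcement is the `frappe.has_permission` pair this commit adds to `transaction_processing`. It would help to state that once above the first guard, for example `// UI hint only; transaction_processing re-checks create permission on the server`. The same applies to the identical guards in the Sales Invoice, Purchase Order, Supplier Quotation, Quotation, Sales Order and Delivery Note list views.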


@@ -32,12 +32,16 @@ frappe.listview_settings["Sales Invoice"] = {
right_column: "grand_total", right_column: "grand_total",
onload: function (listview) { onload: function (listview) {
listview.page.add_action_item(__("Delivery Note"), () => { if (frappe.model.can_create("Delivery Note")) {
erpnext.bulk_transaction_processing.create(listview, "Sales Invoice", "Delivery Note"); listview.page.add_action_item(__("Delivery Note"), () => {
}); erpnext.bulk_transaction_processing.create(listview, "Sales Invoice", "Delivery Note");
});
}
listview.page.add_action_item(__("Payment"), () => { if (frappe.model.can_create("Payment Entry")) {
erpnext.bulk_transaction_processing.create(listview, "Sales Invoice", "Payment Entry"); listview.page.add_action_item(__("Payment"), () => {
}); erpnext.bulk_transaction_processing.create(listview, "Sales Invoice", "Payment Entry");
});
}
}, },
}; };


@@ -47,16 +47,22 @@ frappe.listview_settings["Purchase Order"] = {
listview.call_for_selected_items(method, { status: "Submitted" }); listview.call_for_selected_items(method, { status: "Submitted" });
}); });
listview.page.add_action_item(__("Purchase Invoice"), () => { if (frappe.model.can_create("Purchase Invoice")) {
erpnext.bulk_transaction_processing.create(listview, "Purchase Order", "Purchase Invoice"); listview.page.add_action_item(__("Purchase Invoice"), () => {
}); erpnext.bulk_transaction_processing.create(listview, "Purchase Order", "Purchase Invoice");
});
}
listview.page.add_action_item(__("Purchase Receipt"), () => { if (frappe.model.can_create("Purchase Receipt")) {
erpnext.bulk_transaction_processing.create(listview, "Purchase Order", "Purchase Receipt"); listview.page.add_action_item(__("Purchase Receipt"), () => {
}); erpnext.bulk_transaction_processing.create(listview, "Purchase Order", "Purchase Receipt");
});
}
listview.page.add_action_item(__("Advance Payment"), () => { if (frappe.model.can_create("Payment Entry")) {
erpnext.bulk_transaction_processing.create(listview, "Purchase Order", "Payment Entry"); listview.page.add_action_item(__("Advance Payment"), () => {
}); erpnext.bulk_transaction_processing.create(listview, "Purchase Order", "Payment Entry");
});
}
}, },
}; };


@@ -11,12 +11,20 @@ frappe.listview_settings["Supplier Quotation"] = {
}, },
onload: function (listview) { onload: function (listview) {
listview.page.add_action_item(__("Purchase Order"), () => { if (frappe.model.can_create("Purchase Order")) {
erpnext.bulk_transaction_processing.create(listview, "Supplier Quotation", "Purchase Order"); listview.page.add_action_item(__("Purchase Order"), () => {
}); erpnext.bulk_transaction_processing.create(listview, "Supplier Quotation", "Purchase Order");
});
}
listview.page.add_action_item(__("Purchase Invoice"), () => { if (frappe.model.can_create("Purchase Invoice")) {
erpnext.bulk_transaction_processing.create(listview, "Supplier Quotation", "Purchase Invoice"); listview.page.add_action_item(__("Purchase Invoice"), () => {
}); erpnext.bulk_transaction_processing.create(
listview,
"Supplier Quotation",
"Purchase Invoice"
);
});
}
}, },
}; };


@@ -12,13 +12,17 @@ frappe.listview_settings["Quotation"] = {
}; };
} }
listview.page.add_action_item(__("Sales Order"), () => { if (frappe.model.can_create("Sales Order")) {
erpnext.bulk_transaction_processing.create(listview, "Quotation", "Sales Order"); listview.page.add_action_item(__("Sales Order"), () => {
}); erpnext.bulk_transaction_processing.create(listview, "Quotation", "Sales Order");
});
}
listview.page.add_action_item(__("Sales Invoice"), () => { if (frappe.model.can_create("Sales Invoice")) {
erpnext.bulk_transaction_processing.create(listview, "Quotation", "Sales Invoice"); listview.page.add_action_item(__("Sales Invoice"), () => {
}); erpnext.bulk_transaction_processing.create(listview, "Quotation", "Sales Invoice");
});
}
}, },
get_indicator: function (doc) { get_indicator: function (doc) {


@@ -63,47 +63,57 @@ frappe.listview_settings["Sales Order"] = {
listview.call_for_selected_items(method, { status: "Submitted" }); listview.call_for_selected_items(method, { status: "Submitted" });
}); });
listview.page.add_action_item(__("Sales Invoice"), () => { if (frappe.model.can_create("Sales Invoice")) {
erpnext.bulk_transaction_processing.create(listview, "Sales Order", "Sales Invoice"); listview.page.add_action_item(__("Sales Invoice"), () => {
}); erpnext.bulk_transaction_processing.create(listview, "Sales Order", "Sales Invoice");
});
}
listview.page.add_action_item(__("Delivery Note"), () => { if (frappe.model.can_create("Delivery Note")) {
frappe.call({ listview.page.add_action_item(__("Delivery Note"), () => {
method: "erpnext.selling.doctype.sales_order.sales_order.is_enable_cutoff_date_on_bulk_delivery_note_creation", frappe.call({
callback: (r) => { method: "erpnext.selling.doctype.sales_order.sales_order.is_enable_cutoff_date_on_bulk_delivery_note_creation",
if (r.message) { callback: (r) => {
var dialog = new frappe.ui.Dialog({ if (r.message) {
title: __("Select Items up to Delivery Date"), var dialog = new frappe.ui.Dialog({
fields: [ title: __("Select Items up to Delivery Date"),
{ fields: [
fieldtype: "Date", {
fieldname: "delivery_date", fieldtype: "Date",
default: frappe.datetime.add_days(frappe.datetime.nowdate(), 1), fieldname: "delivery_date",
}, default: frappe.datetime.add_days(frappe.datetime.nowdate(), 1),
], },
}); ],
dialog.set_primary_action(__("Select"), function (values) { });
var until_delivery_date = values.delivery_date; dialog.set_primary_action(__("Select"), function (values) {
var until_delivery_date = values.delivery_date;
erpnext.bulk_transaction_processing.create(
listview,
"Sales Order",
"Delivery Note",
{
until_delivery_date,
}
);
dialog.hide();
});
dialog.show();
} else {
erpnext.bulk_transaction_processing.create( erpnext.bulk_transaction_processing.create(
listview, listview,
"Sales Order", "Sales Order",
"Delivery Note", "Delivery Note"
{
until_delivery_date,
}
); );
dialog.hide(); }
}); },
dialog.show(); });
} else {
erpnext.bulk_transaction_processing.create(listview, "Sales Order", "Delivery Note");
}
},
}); });
}); }
listview.page.add_action_item(__("Advance Payment"), () => { if (frappe.model.can_create("Payment Entry")) {
erpnext.bulk_transaction_processing.create(listview, "Sales Order", "Payment Entry"); listview.page.add_action_item(__("Advance Payment"), () => {
}); erpnext.bulk_transaction_processing.create(listview, "Sales Order", "Payment Entry");
});
}
}, },
}; };


@@ -57,16 +57,20 @@ frappe.listview_settings["Delivery Note"] = {
} }
}; };
// doclist.page.add_actions_menu_item(__('Create Delivery Trip'), action, false); if (frappe.model.can_create("Delivery Trip")) {
doclist.page.add_action_item(__("Create Delivery Trip"), action);
}
doclist.page.add_action_item(__("Create Delivery Trip"), action); if (frappe.model.can_create("Sales Invoice")) {
doclist.page.add_action_item(__("Sales Invoice"), () => {
erpnext.bulk_transaction_processing.create(doclist, "Delivery Note", "Sales Invoice");
});
}
doclist.page.add_action_item(__("Sales Invoice"), () => { if (frappe.model.can_create("Packing Slip")) {
erpnext.bulk_transaction_processing.create(doclist, "Delivery Note", "Sales Invoice"); doclist.page.add_action_item(__("Packaging Slip From Delivery Note"), () => {
}); erpnext.bulk_transaction_processing.create(doclist, "Delivery Note", "Packing Slip");
});
doclist.page.add_action_item(__("Packaging Slip From Delivery Note"), () => { }
erpnext.bulk_transaction_processing.create(doclist, "Delivery Note", "Packing Slip");
});
}, },
}; };
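Review bot: The third guard checks and creates a "Packing Slip", but the label on that same entry is `__("Packaging Slip From Delivery Note")`, which matches neither the doctype name nor the short target-name labels used elsewhere in this commit (`__("Sales Invoice")`, `__("Payment")`). If the wording is not deliberate, `__("Packing Slip")` would be consistent. Changing it alters the translation key, so existing translations would need to follow. `action` and the enclosing `onload` are defined outside this hunk.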


@@ -8,6 +8,9 @@ from frappe.utils import get_link_to_form, today
@frappe.whitelist() @frappe.whitelist()
def transaction_processing(data, from_doctype, to_doctype, args=None): def transaction_processing(data, from_doctype, to_doctype, args=None):
frappe.has_permission(from_doctype, "read", throw=True)
frappe.has_permission(to_doctype, "create", throw=True)
if isinstance(data, str): if isinstance(data, str):
deserialized_data = json.loads(data) deserialized_data = json.loads(data)
else: else:
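Review bot: Both added `frappe.has_permission` calls at the top of `transaction_processing` are doctype-level checks, because no document is passed, and nothing visible in this hunk verifies that the caller may read each source record named in `data`. The rest of the function is outside the hunk; if it loads those records without a per-document check, user-permission or sharing restrictions on individual documents would not be applied, so consider checking each record as it is processed, e.g. `frappe.has_permission(from_doctype, "read", doc=name, throw=True)`. A one-line comment above the two calls saying that they gate the doctype pair only would make that contract explicit. `from_doctype` and `to_doctype` also arrive from the client as free strings, so it is worth confirming that the code below rejects pairs outside the supported mapping.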